> running scripts or programs written by potentially malicious people is the only reasonable way to do your job
Maybe I'm reading too much into this part of your post, however, if the only way to do your job is to run scripts you download off the Internet, then may I suggest you're doing it wrong (TM) ?
Typically, scripts are very small programs which you implement yourself for your own convenience. They are typically not distributed beyond your immediate team. If the "scripts" grow into applications for which you cannot (or will not) inspect the code yourself, then they are as much a security threat as any other executable from an unknown untrusted source. Now, that risk might be acceptable in some scenarios, but typically, a no-go on any corporate device.